Stream and Block Ciphers

• Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext • Block ciphers work on a given sized chunk of data at a time Lecture 4 Page 1 CS 236

Stream Ciphers

Key Plaintext CS 236 Encryption S mzqS Ciphertext Lecture 4 Page 2

Advantages of Stream Ciphers

+ Speed of encryption and decryption • Each symbol encrypted as soon as it’s available + Low error propagation • Errors affect only the symbol where the error occurred Lecture 4 Page 3 CS 236

Disadvantages of Stream Ciphers

– Low diffusion • Each symbol separately encrypted • Each ciphertext symbol only contains information about one plaintext symbol – Susceptible to insertions and modifications – Not good match for many common uses of cryptography – Some disadvantages can be mitigated by use of proper cryptographic mode CS 236 Lecture 4 Page 4

T r a n s f e r $ 1 0

Block Ciphers

Key T s r f $ a e 1 n r 0 Plaintext CS 236 Encryption Ciphertext Lecture 4 Page 5

Advantages of Block Ciphers

+ Diffusion • Easier to make a set of encrypted characters depend on each other + Immunity to insertions • Encrypted text arrives in known lengths Most common Internet crypto done with block cyphers CS 236 Lecture 4 Page 6

Disadvantages of Block Ciphers

– Slower • Need to wait for block of data before encryption/decryption starts – Worse error propagation • Errors affect entire blocks Lecture 4 Page 7 CS 236

Cryptographic Modes

• Let’s say you have a bunch of data to encrypt – Using the same cipher and key • How do you encrypt the entire set of data?

– Given block ciphers have limited block size – And stream ciphers just keep going CS 236 Lecture 4 Page 8

The Basic Situation

Let’s say our block cipher has a block size of 7 characters and we use the same key for all Now let’s encrypt There’s something odd here . . .

Is this good?

Why did it happen?

CS 236 Lecture 4 Page 9

Another Problem With This Approach

What if these are transmissions representing deposits into bank accounts?

Insertion Attack!

What if he owns account 5610993?

CS 236 1840326 2201568 3370259 5610993 6840924 8436018 5000 10 So far, so good . . .

Lecture 4 Page 10

What Caused the Problems?

• Each block of data was independently encrypted – With the same key • So two blocks with identical plaintext encrypt to the same ciphertext • Not usually a good thing • We used the wrong

cryptographic mode

– Electronic Codebook (ECB) Mode Lecture 4 Page 11 CS 236

Cryptographic Modes

• A cryptographic mode is a way of applying a particular cipher – Block or stream • The same cipher can be used in different modes – But other things are altered a bit • A cryptographic mode is a combination of cipher, key, and feedback – Plus some simple operations CS 236 Lecture 4 Page 12

So What Mode Should We Have Used?

• Cipher Block Chaining (CBC) mode might be better • Ties together a group of related encrypted blocks • Hides that two blocks are identical • Foils insertion attacks CS 236 Lecture 4 Page 13

Cipher Block Chaining Mode

• Adds feedback into encryption process • The encrypted version of the previous block is used to encrypt this block • For block X+1, XOR the plaintext with the ciphertext of block X – Then encrypt the result • Each block’s encryption depends on all previous blocks’ contents • Decryption is similar Lecture 4 Page 14 CS 236

What About the First Block?

• If we send the same first block in two messages with the same key, • Won’t it be encrypted the same way?

• Might easily happen with message headers or standardized file formats • If CBC used as described, the same message sent twice would encrypt the same way both times Lecture 4 Page 15 CS 236

Initialization Vectors

• A technique used with CBC – And other crypto modes – Abbreviated IV • Makes sure that encryption results are always unique – Even for duplicate message using the same key • XOR a random string with the first block –

plaintext



IV

– Then do CBC for subsequent blocks Lecture 4 Page 16 CS 236

How To Decrypt With Initialization Vectors?

• • First block received decrypts to

P

=

plaintext plaintext

=

P



IV



IV

• No problem if receiver knows

IV

– Typically,

IV

is sent in the message • Subsequent blocks use standard CBC – So can be decrypted that way Lecture 4 Page 17 CS 236

Some Important Crypto Modes

• Electronic codebook mode (ECB) • Cipher block chaining mode (CBC) • Cipher-feedback mode (CFB) and Output-feedback mode (OFB) Both convert block to stream cipher CS 236 Lecture 4 Page 18